Docker容器未显示已装载的卷-访问问题
[英]Docker container not showing volume mounted - Access issue
问题描述
root@centdev01$ grep -e CMD -e RUN Dockerfile
RUN apt-get update
RUN apt-get -y install ruby ruby-dev build-essential redis-tools
RUN gem install --no-rdoc --no-ri sinatra json redis
RUN mkdir -p /opt/webapp
RUN chmod 777 /opt/webapp
CMD ["/opt/webapp/bin/webapp"]
root@centdev01$ docker build -t "alok87/sinatra" .
root@centdev01$ docker run -d -p 80 --name ubunsin10 -v $PWD/webapp:/opt/webapp alok87/sinatra
25ekgjalgjal25rkg
root@centdev01$ docker logs ubunsin10
/opt/webapp/bin/webapp: Permission Denied - /opt/webapp/bin/webapp ( Errno:EACCESS)
The issue is the volume is being mounted to the container but from the container it is not having any acces to the mounted volume. 
问题是该卷正被安装到容器上,但是从容器上它并没有访问已安装的卷。 I can cd to /opt/webapp/bin but i can not ls /opt/webapp/bin. 我可以CD到/ opt / webapp / bin,但不能ls / opt / webapp / bin。
Please suggest how it can be fixed. 请提出如何解决。 The host mount has all files having 777 permission. 主机装载中包含所有具有777权限的文件。
1 个解决方案
解决方案1
1 2014-10-06 15:16:49
Docker processes have the svirt_lxc_net_t default type. Docker进程具有svirt_lxc_net_t默认类型。 By default these processes are not allowed to access your content in /var , /root and /home . 默认情况下,这些过程都不允许访问在/ var内容,/根和/ home。
You have specify a suitable type label for your host folder, to allow the container processes to access the content. 您已经为主机文件夹指定了合适的类型标签,以允许容器进程访问内容。 You can do this by giving the $PWD/webapp folder the type label svirt_sandbox_file_t . 您可以通过为$ PWD / webapp文件夹指定类型标签svirt_sandbox_file_t来实现此目的 。
chcon -Rt svirt_sandbox_file_t $PWD/webapp
After this, you can access the folder from within the container. 之后,您可以从容器中访问文件夹。 Read more about it in Dan Walsh's article - Bringing new security features to Docker 在Dan Walsh的文章中了解更多相关内容-为Docker带来新的安全功能
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.